#!/bin/bash

# 设置证书存放目录
SSL_DIR="."
mkdir -p ${SSL_DIR}

# 生成ECC私钥 (使用secp256r1曲线，也称为prime256v1)
openssl ecparam -name prime256v1 -genkey -noout -out ${SSL_DIR}/server.key

# 生成证书签名请求(CSR)
openssl req -new -key ${SSL_DIR}/server.key -out ${SSL_DIR}/server.csr -subj "/C=CN/ST=Beijing/L=Beijing/O=Your Company/OU=Your Department/CN=localhost"

# 生成自签名证书(有效期10年)
openssl x509 -req -days 3650 -in ${SSL_DIR}/server.csr -signkey ${SSL_DIR}/server.key -out ${SSL_DIR}/server.crt

# 删除临时文件
rm ${SSL_DIR}/server.csr

echo "ECC SSL certificates generated successfully in ${SSL_DIR}/"